Re: EFS and transparent file sharing on XP pro

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/29/05


Date: Fri, 29 Apr 2005 13:01:24 -0500

If that is the case then follow Roger's advice as the password "reset" on a
workgroup computer will deny access to EFS files. This is done as a
precaution to prevent access to your EFS files from an attacker that may
gain administrative access to your computer. The link below explains more on
this. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;290260

"Jim" <nobodyhome@antispam.tv> wrote in message
news:Ojo5u9NTFHA.2560@TK2MSFTNGP09.phx.gbl...
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:%23muiVdMTFHA.3540@TK2MSFTNGP10.phx.gbl...
>> Use the mmc [mmc in run box] snapin for certificates for user to view your
>> personal certificates under the personal/certificates folder. See if you
>> have certificates for EFS and the first page of certificate properties must
>> show "you have a private key that corresponds to this certificate".
>
> Yes.
>
> And "details" pane shows the key, which appears to be "good."
>
>> It almost sounds like your original EFS certificate/private key has been
>> deleted or severely corrupted. If the operating system was reinstalled then
>> very possibly the original certificate/private key has been deleted.
>
> A long time ago, the operating system was rebuilt after a HD failure. But
> I've been encrypting and decrypting old and new files since then.
>
>> EFS best practices are that users must export their certificate and private
>> key to a password protected .pfx file or loss of data can be permanent.
>> Efsinfo can also be used to find more information about any EFS files and the
>> existence of a Recovery Agent which may be possible particularly if you are
>> in an Active Directory domain. --- Steve
>
> This computer is in a workgroup and not a domain.
>
> "efsinfo" shows that my account can decrypt.
>
> And (as noted) in my reply to Roger (Message-ID:
> <OyQzhiMTFHA.2548@TK2MSFTNGP14.phx.gbl>), I did change my account password
> at or after the time I encrypted the most recent file (per timestamp) that I
> cannot access. "New" files decrypt fine.
>
>>
>> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B243026
>> http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
>>
>> "Jim" <nobodyhome@antispam.tv> wrote in message
>> news:OBTnamJTFHA.616@TK2MSFTNGP12.phx.gbl...
>> > Pardon the cross posting, but I don't know which group this problem
>> > belongs in....
>> >
>> > Yesterday, XP pro (for a reason I can't figure out yet) added a new
>> > certificate for EFS for my userid. As a result, files encrypted AFTER that
>> > period of time can be decrypted w/o problem. However, none of my old files
>> > can. "access denied" is the message I get.
>> >
>> > When I view "properties" of an older file and click on "advanced," and then
>> > "details," I see the thumbprint of the user who can transparently access
>> > the file. However, when I try to add or remove/add the new thumbprint
>> > (i.e., to "share access"), I get error code 5.
>> >
>> > Error code 5 (says MS KB article 308991) occurs when the person attempting
>> > to share access is neither an administrator nor the person who originally
>> > encrypted the file. Well, my account is both in the administrator group
>> > AND is the account that encrypted the file.
>> >
>> > In addition, and I don't know if this is relevant, but when I select "add"
>> > under the "Encryption Details" pane, a "Select User" pane opens up with
>> > both my certificates listed. However, both certificates, when opened up,
>> > have a red "X" on the icon with the text: "This CA root certificate is not
>> > trusted. To enable trust, install this certificate in the trusted root
>> > certification authorities store." Is this related to my problem or is
>> > this a domain only thing?
>> >
>> > My bottom line: I am looking for any ideas on how to add transparent
>> > access so I can decrypt the files and get them OUT of EFS.
>> >
>> > Would using "system restore" work, stepping back to the
>> > day-before-yesterday?
>> >
>> > After this, believe me, I intend to "forgeddaboutit" as far as EFS is
>> > concerned. What a pain!
>> >
>> > Thanks in advance....
>> >
>> > Regards,
>> > Jim